1、BSI Standards PublicationBS ISO/IEC 15149-4:2016Information technology T e l e c o m m u n i c a t i o n s a n dinformation exchange betweensystems Magnetic field areanetwork (MFAN)Part 4: Security Protocol for AuthenticationBS ISO/IEC 15149-4:2016 BRITISH STANDARDNational forewordThis British Stand
2、ard is the UK implementation of ISO/IEC15149-4:2016.The UK participation in its preparation was entrusted to TechnicalCommittee IST/6, Data communications.A list of organizations represented on this committee can beobtained on request to its secretary.This publication does not purport to include all
3、 the necessaryprovisions of a contract. Users are responsible for its correctapplication. The British Standards Institution 2016.Published by BSI Standards Limited 2016ISBN 978 0 580 86907 5ICS 35.110Compliance with a British Standard cannot confer immunity fromlegal obligations.This British Standar
4、d was published under the authority of theStandards Policy and Strategy Committee on 31 January 2016.Amendments/corrigenda issued since publicationDate T e x t a f f e c t e dBS ISO/IEC 15149-4:2016Information technology Telecommunications and information exchange between systems Magnetic field area
5、 network (MFAN) Part 4: Security Protocol for AuthenticationTechnologies de linformation Tlinformatique Rseau de zone de champ magntique (MFAN)INTERNATIONAL STANDARDISO/IEC15149-4Reference numberISO/IEC 15149-4:2016(E)First edition2016-01-15 ISO/IEC 2016BS ISO/IEC 15149-4:2016ii ISO/IEC 2016 All rig
6、hts reservedCOPYRIGHT PROTECTED DOCUMENT ISO/IEC 2016, Published in SwitzerlandAll rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the interne
7、t or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester.ISO copyright officeCh. de Blandonnet 8 CP 401CH-1214 Vernier, Geneva, SwitzerlandTel. +41 22 749 01 11Fax +41 22 749 09 47copyrigh
8、tiso.orgwww.iso.orgISO/IEC 15149-4:2016(E)BS ISO/IEC 15149-4:2016ISO/IEC 15149-4:2016(E)Foreword ivIntroduction v1 Scope . 12 Normative references 13 Terms and definitions . 14 Symbols and abbreviated terms . 24.1 Symbols . 24.2 Abbreviated terms . 25 Overview . 26 Network elements . 36.1 General .
9、36.2 Time element 36.3 Physical element 36.4 Address element 37 Network functions. 37.1 General . 37.2 Request period 47.3 Response period 47.4 Confirmation period . 47.5 Key generation 48 Network status 58.1 General . 58.2 Network authentication 59 MAC layer frame format 59.1 General . 59.2 Frame f
10、ormat 59.3 Frame type 59.4 Payload format 59.4.1 Request frame 59.4.2 Response frame . 69.4.3 Response confirmation frame 710 MAC layer function 910.1 General . 910.2 Authentication . 9Annex A (informative) Security considerations .10Bibliography .11 ISO/IEC 2016 All rights reserved iiiContents Page
11、BS ISO/IEC 15149-4:2016ISO/IEC 15149-4:2016(E)ForewordISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the developm
12、ent of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental
13、, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directiv
14、es, Part 1. In particular the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).Attention is drawn to the possibility that some of the
15、 elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declara
16、tions received (see www.iso.org/patents).Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information abou
17、t ISOs adherence to the WTO principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary informationThe committee responsible for this document is ISO/IEC JTC 1, Information technology, Subcommittee SC 6, Telecommunications and information exchange between syst
18、ems.This first edition of ISO/IEC 15149-4, together with ISO/IEC 15149-1, ISO/IEC 15149-2, and ISO/IEC 15149-3, cancels and replaces ISO/IEC 15149:2011, which has been technically revised.ISO/IEC 15149 consists of the following parts, under the general title Information technology Telecommunications
19、 and information exchange between systems: Part 1: Air Interface Part 2: In-Band Control Protocol for Wireless Power Transfer Part 3: Relay Protocol for Extended Range Part 4: Security Protocol for Authenticationiv ISO/IEC 2016 All rights reservedBS ISO/IEC 15149-4:2016ISO/IEC 15149-4:2016(E)Introdu
20、ctionThis part of ISO/IEC 15149 provides protocols for magnetic field area networks (MFAN). MFAN can support the service based on wireless communication and wireless power transfer in harsh environments. MFAN is composed of four protocols; air interface, in-band control protocol, relay protocol and
21、security protocol for authentication.The International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) draw attention to the fact that it is claimed that compliance with this document may involve the use of patents concerning MFSec technology given in this
22、part of ISO/IEC 15149.ISO and IEC take no position concerning the evidence, validity and scope of these patent rights.The holders of these patent rights have assured the ISO and IEC that they are willing to negotiate licences under reasonable and non-discriminatory terms and conditions with applican
23、ts throughout the world. In this respect, the statements of the holders of these patent rights are registered with ISO and IEC.Information on the declared patents may be obtained from:Patent Holder: China IWNCOMM Co., Ltd.Address: A201, QinFengGe, Xian Software Park, No. 68, Keji 2nd Road, Xian Hi-T
24、ech Industrial Development Zone, Xian Shaanxi, P. R. China 710075Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights other than those identified above. ISO and IEC shall not be held responsible for identifying any or all such patent ri
25、ghts.ISO (www.iso.org/patents) and IEC (http:/patents.iec.ch) maintain on-line databases of patents relevant to their standards. Users are encouraged to consult the databases for the most up to date information concerning patents. ISO/IEC 2016 All rights reserved vBS ISO/IEC 15149-4:2016BS ISO/IEC 1
26、5149-4:2016Information technology Telecommunications and information exchange between systems Magnetic field area network (MFAN) Part 4: Security Protocol for Authentication1 ScopeThis part of ISO/IEC 15149 specifies security protocol for authentication in magnetic field networks.2 Normative referen
27、cesThe following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.ISO/I
28、EC 15149-1:2014, Information technology Telecommunications and information exchange between systems Magnetic field area network (MFAN) Part 1: Air InterfaceISO/IEC 15149-3:2016, Information technology Telecommunications and information exchange between systems Magnetic field area network (MFAN) Part
29、 3: Relay Protocol for Extended Range3 Terms and definitionsFor the purposes of this document, the following terms and definitions apply.3.1Magnetic Field Area NetworkMFANwireless network that provides reliable communication in harsh environments using magnetic field3.2Magnetic Field Area Network Co
30、ordinatorMFAN-Cdevice that manages the connection and release of nodes within the communication area and the sending and receiving time of data in an MFAN3.3Magnetic Field Area Network NodeMFAN-NA device except the coordinator that forms a network in an MFANINTERNATIONAL STANDARD ISO/IEC 15149-4:201
31、6(E) ISO/IEC 2016 All rights reserved 1BS ISO/IEC 15149-4:2016ISO/IEC 15149-4:2016(E)4 Symbols and abbreviated terms4.1 Symbols exclusive or| concatenationOnfixed value+ binary addition4.2 Abbreviated termsAuRc Authentication Response ConfirmationAuRq Authentication RequestAuRs Authentication Repons
32、eMFSec MFAN SecurityPSK Pre-Shared KeyRN Random NumberRNc Random Number generated by CoordinatorRNn Random Number generated by NodeSORNc Secret Output with Random Number computed by CoordinatorSORNn Secret Output with Random Number computed by NodeSRNc Secret Random Number generated by CoordinatorSR
33、Nn Secret Random Number generated by NodeSS Shared SecretUID Unique IdentifierUIDCUnique Identifier of CoordinatorUIDNUnique Identifier of Node5 OverviewMFAN, like some other networks, e.g. Wireless Sensor Networks, suffered from many specific network security threats. To countermeasure those threat
34、s, some security procedures should be deployed in such networks.The security threats of networks, which are specified in the ITU-T X.800 and ITU-T X.805, are applicable to MFAN, as follows: Destruction of information and/or other resources Corruption or modification of information Disclosure of info
35、rmation2 ISO/IEC 2016 All rights reservedBS ISO/IEC 15149-4:2016ISO/IEC 15149-4:2016(E)In addition, the specific threats to nodes such as sensor mode compromise, eavesdropping, privacy of sensed data, denial of service attack, and malicious use of commodity network are also applicable to MFAN.The fo
36、llowing security requirements specified in ITU-T X.805 could be applicable to MFAN: Data Confidentiality Data Authentication/identification Data IntegrityThis part of ISO/IEC 15149 specifies an MFAN security (MFSec) protocol that uses the exclusive or operation for mutual authentication between MFAN
37、-C and MFAN-N. See Annex A for security considerations of MFSec.NOTE The exclusive or is extremely common as a component in complex ciphers. By itself, using a constant repeating key, a simple exclusive or crypto can trivially be broken using frequency analysis. If the content of any message can be
38、guessed or otherwise known then the key can be revealed (the exclusive or crypto is vulnerable to a known-plaintext attack, since plaintextciphertext=key). Its primary advantage is that it is simple to implement, and that the exclusive or operation is computationally inexpensive. A simple repeating
39、exclusive or crypto is therefore sometimes used for hiding information in cases where either no particular or light security is required.6 Network elements6.1 GeneralThe security network elements of MFAN consist of time and physical elements.6.2 Time elementSpecified in ISO/IEC 15149-3:2016, 6.2.6.3
40、 Physical elementSpecified in ISO/IEC 15149-3:2016, 6.3.6.4 Address elementSpecified in ISO/IEC 15149-3:2016, 6.4.7 Network functions7.1 GeneralThe superframe of MFSec protocol consists of request, response and confirmation period. The authentication protocol requires that MFAN-C and MFAN-N shall ha
41、ve a PSK with 8-octet before they start the authentication procedure. How to generate and set a high quality PSK is out of the scope of this standard. The key update function is not supported in this international standard. Figure 1 shows the MFSec protocol message exchange. ISO/IEC 2016 All rights
42、reserved 3BS ISO/IEC 15149-4:2016ISO/IEC 15149-4:2016(E)MFAN-CMFAN-NAuthentication Request (SRNc)Authentication Response (SORNc|SRNn)Figure 1 MFSec protocol7.2 Request periodDuring the request period, MFAN-C shall generate an 8-octet random number RNc, and compute SRNc = (RNc + UIDC+ On) PSK, where
43、Onis defined by a manufacturer. MFAN-C then sends AuRq packet to MFAN-Ns. Onshall be 8-octet in length.NOTE The recommendation of the value of Onis 5555 5555 5555 5555 h.7.3 Response periodDuring the response period, MFAN-N shall compute RNc = (SRNc PSK) - UIDC- On, and SORNc = (PSK + UIDC+ On) RNc,
44、 where, PSK and RNc means bit-wise rotate PSK and RNc left for n bits, respectively (n is the number of binary value 1 of RNc). Then MFAN-N shall generate an 8-octet random number RNn and compute SRNn = (RNn + UIDN+ On) PSK. MFAN-N sends AuRs packet to the MFAN-C.When the MFAN-C receives AuRs packet
45、 from the MFAN-N, it shall compute the value of (SORNc RNc) and (PSK + UIDC+ On), then compare the value of (PSK + UIDC+ On) with (SORNc RNc). If these two values are equivalent, then the authentication is successful, otherwise the authentication is failed.7.4 Confirmation periodWhen the authenticat
46、ion procedure of MFAN-C is successful, MFAN-C shall compute RNn = (SRNn PSK) - UIDN- On, and SORNn = (PSK + UIDN+ On) RNn, where, RNn means bit-wise rotate RNn left for n bits (n is the number of binary value 1 of RNn). MFAN-C sends AuRc packet to MFAN-N.Finally, when MFAN-N receives AuRc packet fro
47、m the MFAN-C, it shall compute the value of (SORNn RNn) and (PSK + UIDN+ On), then compare the value of (PSK + UIDN+ On) with (SORNn RNn). If these two values are equivalent, then the authentication is successful, otherwise the authentication is failed.7.5 Key generationFor the MFAN-N and MFAN-C tha
48、t support secure communication or high layer secure application, a shared secret (SS) may be used and shall be established between the two nodes after the successful authentication procedure: SS= (UIDN+ UIDC)RNcRNnPSK. SS service is optional.SS is used to derive additional keys used by MFAN and poss
49、ibly other applications. The lifetime of SS should be expired after disconnection. A new SS should be established or updated by a new MFSec authentication procedure. The key derivation function is out of the scope of this standard.4 ISO/IEC 2016 All rights reservedBS ISO/IEC 15149-4:2016ISO/IEC 15149-4:2016(E)8 Network status8.1 GeneralIn a security network of MFAN, MFAN-N may enter the active state of network authentication.8.2 Network authenticationWhen MFAN-C
